The Safe Data | Safe Families Privacy Policy Framework is a companion piece to the American Library Association (ALA) Privacy Toolkit, which provides information for creating or revising a privacy policy. ALA’s toolkit focuses on how libraries–as an institution–can protect patron privacy, including how to protect the information libraries receive from patrons during traditional library transactions. Our privacy policy framework supplements ALA’s toolkit by focusing on staff/patron interactions and covers many of the day-to-day privacy risks patrons face.
Our research with library staff from around the United States has highlighted that each library and library system is unique and comes with its own unique challenges related to its location, population needs, and more. This framework provides you with flexibility in thinking about staff/patron interactions and reduces uncertainty about how to respond to patron requests involving personal information.
We’ve broken the privacy policy framework into sections. Click on a box to get more information or download the full framework as a PDF here.
Descriptions of Sections
In ‘Responding to Patron Requests: What Library Staff Can and Cannot Do,’ we discuss the broader challenges associated with constructing a patron-focused privacy policy for your library. This section provides examples of existing policies that address time limits for staff when handling patron interactions, as well as how staff should handle patron requests involving technology.
The main framework includes six categories that cover a range of privacy considerations. Click on a category below for more information on that topic, including:
- Key Topics: Key topics for each category are listed, along with a short description of why they should be addressed in your privacy policy.
- Recommended Actions: Suggestions on what library staff can do to improve or iterate on current policies that address each topic.
- Example Library Policies: Sample policies from libraries nationwide that address key topics. Note: these policies are current as of May 2021.
The framework includes two additional sections. ‘Tips to Communicate your Library Privacy Policy’ provides ideas for how library staff can share their evolving privacy policies with patrons, while ‘Additional Resources for Crafting your Library Policy’ contains related resources, including links to all library privacy policies referenced in this framework.
Your patrons will likely vary significantly in their skill level when using technology. Helping patrons who may have lower digital literacy skills can introduce a number of privacy challenges, especially when they need assistance with a website or app that is asking for sensitive personal information. Patrons may ask for help creating an account, applying for a job, or filing their taxes.
The best policy in these cases is to make decisions that align with your library’s policies and guidelines while protecting the patron’s privacy as much as possible and remaining within your comfort zone. These situations can provide a useful backdrop for having conversations with patrons about digital privacy and security. That said, there will be times when patrons will request task-oriented assistance but won’t want to take the time to learn about why data privacy matters. It will be up to staff to determine whether there is enough time to help the patron develop these skills or simply provide help with their request.
The following examples include statements shared publicly on some libraries’ websites on how they have addressed how staff should handle patron requests involving technology use and data entry, and how much time staff should devote to a single patron.
Examples
“Staff will devote a reasonable amount of time assisting individual library patrons with the Internet where needed. They cannot devote large amounts of time to each customer because staff members are handling information requests from many individuals. Regular programs, demonstrations, and hands-on sessions on the use of the Internet are provided by the library staff and are available to all patrons. Attendance at such programs may require sign-up in advance, depending on demand.” –Pasco County Libraries (Florida)
“Staff members are trained to assist customers in using the Library catalog and Web site as well as databases and other Web services selected and purchased by the Library. In some cases, vendor assistance is needed to resolve problems with or to answer specialized questions about these services.” –Monterey Public Library (California)
“Security for personal devices rests solely with the owner. Library staff members may provide guidance for accessing library materials and services, but they do not provide technical support.” —Ames Public Library (Iowa)
“Library staff must take appropriate actions to resolve problems which arise during use of the Library’s computer and Internet services and to enforce Library policies and rules. To this end, Library staff members may need to observe computer use, question users, and restrict conduct by users which violates this policy.” –Monterey Public Library (California)
“Library staff members are available to assist patrons of all ages with information literacy: to access information efficiently and effectively, evaluate information critically and competently and use information accurately and creatively.” –San Antonio Public Library (Texas)
As libraries continue to be a public access point for new technologies, the importance of patron privacy grows. Increasingly, libraries are developing policies around protecting patron privacy, as well as the limits of library staff in patron-technology interactions. It is important to ensure that patrons know how their privacy is being protected while using library technology and websites. However, possibly more important is empowering patrons to protect their own privacy while using publicly accessible technologies within the library. Through our library privacy policy framework, we hope to give library staff the tools for protecting patron privacy. But we also want to stress the importance of communicating these policies with patrons. Besides providing easy access to policies on the library system website, there are a number of ways library staff can communicate their library privacy policies, including but not limited to:
- Verbally alerting patrons to specific privacy policies when addressing an individual question/concern;
- Publicly posting privacy policies, preferably in the same location as library computers;
- Providing handouts with a summary of library privacy policies at various locations throughout the building;
- Creating an easily accessible link on the library homepage to navigate to library privacy policies;
- Sharing information about library privacy policies on social media and in email blasts; and,
- Providing written policies in English and the other languages commonly spoken by your patrons.
While the above is not an exhaustive list, it provides a starting point for communicating with patrons about evolving library privacy policies.
Disclaimer
The examples used in this framework were chosen to highlight various ways library systems in the U.S. are addressing the risks associated with patron data and technology use. Their inclusion does not denote an endorsement from the Safe Data | Safe Families project.
Below, you’ll find additional resources that should prove useful in crafting your library’s privacy policies. This includes links to the library policies included in the examples and more information about the ALA Privacy Toolkit.
Links to Library Policies Used in this Document
The following links include some of the library privacy policies that were used to develop this privacy policy.
- Monterey Public Library (CA)
- San Francisco Public Library (CA)
- Santa Monica Public Library (CA)
- DC Public Library (DC)
- Pasco County Libraries (FL)
- Boise Public Library (ID)
- Ames Public Library (IA)
- Iowa City Public Library (IA)
- Acton Memorial Library (MA)
- Anne Arundel County (MD)
- Cecil County Public Library (MD)
- Enoch Pratt Free Library (MD)
- Montgomery County (MD)
- St. Mary’s County (MD)
- South Thomastown Public Library (ME)
- Wayne Public Library (NJ)
- New York Public Library (NY)
- Cleveland Heights Public Library (OH)
- Multnomah County Public Library (OR)
- Dormont Public Library (PA)
- Eastern Monroe Public Library (PA)
- San Antonio Public Library (TX)
- Kitsap Regional Library (WA)
- Boulder Junction Public Library (WI)
- Madison Public Library (WI)
- Colorado Library Consortium Public Library Policy Collection – Established to provide small, rural libraries with EASY access to a clearinghouse of policies
Additional Resources About Patron Privacy
Disclaimer
The resources listed here are provided to aid you in your search for additional tools and information on how to protect patron privacy. Their inclusion is not an endorsement by our research team.
- OCLC is a global library cooperative that provides resources to the library community. The WebJunction Policies page offers examples of policies from a variety of libraries, as well as webinars such as this one on developing library policy.
- Library Records, Patron Privacy, and Library Policies is an article on the Public Libraries Online about developing library policies around patron privacy and library records.
- The Library Freedom Project is an organization that provides librarians and their communities with privacy literacy resources, such as bookmarks with tips on protecting privacy and a guide for protecting yourself from online harassment.
ALA Privacy Toolkit
The ALA Privacy Toolkit provides several resources on how to develop a new privacy policy or update an existing policy. Resources like the Guidelines and Checklists are useful to ensure all areas of the library are covered in the library. Our privacy policy framework focuses specifically on library staff’s interactions with patrons and covers many of the day to day privacy risks patrons face.